Botan 3.6.1
Crypto and TLS for C&
Botan::SHA_256 Class Referencefinal

#include <sha2_32.h>

Inheritance diagram for Botan::SHA_256:
Botan::HashFunction Botan::Buffered_Computation

Public Types

using digest_type = secure_vector<uint32_t>
 

Public Member Functions

void clear () override
 
HashFunctionclone () const
 
std::unique_ptr< HashFunctioncopy_state () const override
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T final ()
 
void final (std::span< uint8_t > out)
 
template<concepts::resizable_byte_buffer T>
void final (T &out)
 
void final (uint8_t out[])
 
std::vector< uint8_t > final_stdvec ()
 
size_t hash_block_size () const override
 
std::string name () const override
 
std::unique_ptr< HashFunctionnew_object () const override
 
size_t output_length () const override
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T process (const uint8_t in[], size_t length)
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T process (std::span< const uint8_t > in)
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T process (std::string_view in)
 
std::string provider () const override
 
void update (const uint8_t in[], size_t length)
 
void update (std::span< const uint8_t > in)
 
void update (std::string_view str)
 
void update (uint8_t in)
 
void update_be (uint16_t val)
 
void update_be (uint32_t val)
 
void update_be (uint64_t val)
 
void update_le (uint16_t val)
 
void update_le (uint32_t val)
 
void update_le (uint64_t val)
 

Static Public Member Functions

static void compress_digest (digest_type &digest, std::span< const uint8_t > input, size_t blocks)
 
static void compress_digest_armv8 (digest_type &digest, std::span< const uint8_t > input, size_t blocks)
 
static void compress_digest_x86 (digest_type &digest, std::span< const uint8_t > input, size_t blocks)
 
static void compress_digest_x86_bmi2 (digest_type &digest, std::span< const uint8_t > input, size_t blocks)
 
static void compress_n (digest_type &digest, std::span< const uint8_t > input, size_t blocks)
 
static std::unique_ptr< HashFunctioncreate (std::string_view algo_spec, std::string_view provider="")
 
static std::unique_ptr< HashFunctioncreate_or_throw (std::string_view algo_spec, std::string_view provider="")
 
static void init (digest_type &digest)
 
static std::vector< std::string > providers (std::string_view algo_spec)
 

Static Public Attributes

static constexpr MD_Endian bit_endianness = MD_Endian::Big
 
static constexpr size_t block_bytes = 64
 
static constexpr MD_Endian byte_endianness = MD_Endian::Big
 
static constexpr size_t ctr_bytes = 8
 
static constexpr size_t output_bytes = 32
 

Detailed Description

SHA-256

Definition at line 59 of file sha2_32.h.

Member Typedef Documentation

◆ digest_type

Definition at line 61 of file sha2_32.h.

Member Function Documentation

◆ clear()

void Botan::SHA_256::clear ( )
inlineoverridevirtual

Reset the state.

Implements Botan::HashFunction.

Definition at line 83 of file sha2_32.h.

83{ m_md.clear(); }

◆ clone()

HashFunction * Botan::HashFunction::clone ( ) const
inlineinherited
Returns
new object representing the same algorithm as *this

Definition at line 87 of file hash.h.

87{ return this->new_object().release(); }
virtual std::unique_ptr< HashFunction > new_object() const =0

◆ compress_digest()

void Botan::SHA_256::compress_digest ( digest_type & digest,
std::span< const uint8_t > input,
size_t blocks )
static

Definition at line 49 of file sha2_32.cpp.

49 {
50#if defined(BOTAN_HAS_SHA2_32_X86)
51 if(CPUID::has_intel_sha()) {
52 return SHA_256::compress_digest_x86(digest, input, blocks);
53 }
54#endif
55
56#if defined(BOTAN_HAS_SHA2_32_X86_BMI2)
57 if(CPUID::has_bmi2()) {
58 return SHA_256::compress_digest_x86_bmi2(digest, input, blocks);
59 }
60#endif
61
62#if defined(BOTAN_HAS_SHA2_32_ARMV8)
63 if(CPUID::has_arm_sha2()) {
64 return SHA_256::compress_digest_armv8(digest, input, blocks);
65 }
66#endif
67
68 uint32_t A = digest[0], B = digest[1], C = digest[2], D = digest[3], E = digest[4], F = digest[5], G = digest[6],
69 H = digest[7];
70
71 std::array<uint32_t, 16> W;
72
73 BufferSlicer in(input);
74
75 for(size_t i = 0; i != blocks; ++i) {
76 load_be(W, in.take<block_bytes>());
77
78 // clang-format off
79
80 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98);
81 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x71374491);
82 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCF);
83 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA5);
84 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25B);
85 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1);
86 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4);
87 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5);
88 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98);
89 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B01);
90 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE);
91 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3);
92 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74);
93 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE);
94 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A7);
95 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174);
96
97 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C1);
98 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786);
99 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC6);
100 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC);
101 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F);
102 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA);
103 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DC);
104 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA);
105 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152);
106 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D);
107 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C8);
108 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7);
109 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF3);
110 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147);
111 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351);
112 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x14292967);
113
114 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A85);
115 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B2138);
116 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC);
117 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D13);
118 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A7354);
119 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB);
120 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E);
121 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C85);
122 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A1);
123 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664B);
124 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70);
125 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A3);
126 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819);
127 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD6990624);
128 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E3585);
129 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA070);
130
131 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116);
132 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C08);
133 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774C);
134 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5);
135 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3);
136 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4A);
137 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F);
138 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3);
139 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE);
140 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F);
141 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814);
142 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC70208);
143 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA);
144 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEB);
145 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7);
146 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2);
147
148 // clang-format on
149
150 A = (digest[0] += A);
151 B = (digest[1] += B);
152 C = (digest[2] += C);
153 D = (digest[3] += D);
154 E = (digest[4] += E);
155 F = (digest[5] += F);
156 G = (digest[6] += G);
157 H = (digest[7] += H);
158 }
159}
static void compress_digest_x86(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
static void compress_digest_armv8(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
static void compress_digest_x86_bmi2(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
static constexpr size_t block_bytes
Definition sha2_32.h:65
BOTAN_FORCE_INLINE void SHA2_32_F(uint32_t A, uint32_t B, uint32_t C, uint32_t &D, uint32_t E, uint32_t F, uint32_t G, uint32_t &H, uint32_t &M1, uint32_t M2, uint32_t M3, uint32_t M4, uint32_t magic)
Definition sha2_32_f.h:19
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:530

References block_bytes, compress_digest_armv8(), compress_digest_x86(), compress_digest_x86_bmi2(), Botan::load_be(), Botan::SHA2_32_F(), and Botan::BufferSlicer::take().

Referenced by Botan::SHA_224::compress_n(), and compress_n().

◆ compress_digest_armv8()

void Botan::SHA_256::compress_digest_armv8 ( digest_type & digest,
std::span< const uint8_t > input,
size_t blocks )
static

Definition at line 22 of file sha2_32_armv8.cpp.

22 {
23 alignas(64) static const uint32_t K[] = {
24 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
25 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
26 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
27 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
28 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
29 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
30 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
31 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
32 };
33
34 // Load initial values
35 uint32x4_t STATE0 = vld1q_u32(&digest[0]);
36 uint32x4_t STATE1 = vld1q_u32(&digest[4]);
37
38 // Intermediate void* cast due to https://llvm.org/bugs/show_bug.cgi?id=20670
39 const uint32_t* input32 = reinterpret_cast<const uint32_t*>(reinterpret_cast<const void*>(input8.data()));
40
41 while(blocks > 0) {
42 // Save current state
43 const uint32x4_t ABCD_SAVE = STATE0;
44 const uint32x4_t EFGH_SAVE = STATE1;
45
46 uint32x4_t MSG0 = vld1q_u32(input32 + 0);
47 uint32x4_t MSG1 = vld1q_u32(input32 + 4);
48 uint32x4_t MSG2 = vld1q_u32(input32 + 8);
49 uint32x4_t MSG3 = vld1q_u32(input32 + 12);
50
51 MSG0 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(MSG0)));
52 MSG1 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(MSG1)));
53 MSG2 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(MSG2)));
54 MSG3 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(MSG3)));
55
56 uint32x4_t MSG_K, TSTATE;
57
58 // Rounds 0-3
59 MSG_K = vaddq_u32(MSG0, vld1q_u32(&K[4 * 0]));
60 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
61 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
62 STATE0 = TSTATE;
63 MSG0 = vsha256su1q_u32(vsha256su0q_u32(MSG0, MSG1), MSG2, MSG3);
64
65 // Rounds 4-7
66 MSG_K = vaddq_u32(MSG1, vld1q_u32(&K[4 * 1]));
67 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
68 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
69 STATE0 = TSTATE;
70 MSG1 = vsha256su1q_u32(vsha256su0q_u32(MSG1, MSG2), MSG3, MSG0);
71
72 // Rounds 8-11
73 MSG_K = vaddq_u32(MSG2, vld1q_u32(&K[4 * 2]));
74 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
75 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
76 STATE0 = TSTATE;
77 MSG2 = vsha256su1q_u32(vsha256su0q_u32(MSG2, MSG3), MSG0, MSG1);
78
79 // Rounds 12-15
80 MSG_K = vaddq_u32(MSG3, vld1q_u32(&K[4 * 3]));
81 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
82 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
83 STATE0 = TSTATE;
84 MSG3 = vsha256su1q_u32(vsha256su0q_u32(MSG3, MSG0), MSG1, MSG2);
85
86 // Rounds 16-19
87 MSG_K = vaddq_u32(MSG0, vld1q_u32(&K[4 * 4]));
88 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
89 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
90 STATE0 = TSTATE;
91 MSG0 = vsha256su1q_u32(vsha256su0q_u32(MSG0, MSG1), MSG2, MSG3);
92
93 // Rounds 20-23
94 MSG_K = vaddq_u32(MSG1, vld1q_u32(&K[4 * 5]));
95 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
96 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
97 STATE0 = TSTATE;
98 MSG1 = vsha256su1q_u32(vsha256su0q_u32(MSG1, MSG2), MSG3, MSG0);
99
100 // Rounds 24-27
101 MSG_K = vaddq_u32(MSG2, vld1q_u32(&K[4 * 6]));
102 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
103 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
104 STATE0 = TSTATE;
105 MSG2 = vsha256su1q_u32(vsha256su0q_u32(MSG2, MSG3), MSG0, MSG1);
106
107 // Rounds 28-31
108 MSG_K = vaddq_u32(MSG3, vld1q_u32(&K[4 * 7]));
109 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
110 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
111 STATE0 = TSTATE;
112 MSG3 = vsha256su1q_u32(vsha256su0q_u32(MSG3, MSG0), MSG1, MSG2);
113
114 // Rounds 32-35
115 MSG_K = vaddq_u32(MSG0, vld1q_u32(&K[4 * 8]));
116 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
117 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
118 STATE0 = TSTATE;
119 MSG0 = vsha256su1q_u32(vsha256su0q_u32(MSG0, MSG1), MSG2, MSG3);
120
121 // Rounds 36-39
122 MSG_K = vaddq_u32(MSG1, vld1q_u32(&K[4 * 9]));
123 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
124 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
125 STATE0 = TSTATE;
126 MSG1 = vsha256su1q_u32(vsha256su0q_u32(MSG1, MSG2), MSG3, MSG0);
127
128 // Rounds 40-43
129 MSG_K = vaddq_u32(MSG2, vld1q_u32(&K[4 * 10]));
130 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
131 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
132 STATE0 = TSTATE;
133 MSG2 = vsha256su1q_u32(vsha256su0q_u32(MSG2, MSG3), MSG0, MSG1);
134
135 // Rounds 44-47
136 MSG_K = vaddq_u32(MSG3, vld1q_u32(&K[4 * 11]));
137 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
138 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
139 STATE0 = TSTATE;
140 MSG3 = vsha256su1q_u32(vsha256su0q_u32(MSG3, MSG0), MSG1, MSG2);
141
142 // Rounds 48-51
143 MSG_K = vaddq_u32(MSG0, vld1q_u32(&K[4 * 12]));
144 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
145 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
146 STATE0 = TSTATE;
147
148 // Rounds 52-55
149 MSG_K = vaddq_u32(MSG1, vld1q_u32(&K[4 * 13]));
150 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
151 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
152 STATE0 = TSTATE;
153
154 // Rounds 56-59
155 MSG_K = vaddq_u32(MSG2, vld1q_u32(&K[4 * 14]));
156 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
157 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
158 STATE0 = TSTATE;
159
160 // Rounds 60-63
161 MSG_K = vaddq_u32(MSG3, vld1q_u32(&K[4 * 15]));
162 TSTATE = vsha256hq_u32(STATE0, STATE1, MSG_K);
163 STATE1 = vsha256h2q_u32(STATE1, STATE0, MSG_K);
164 STATE0 = TSTATE;
165
166 // Add back to state
167 STATE0 = vaddq_u32(STATE0, ABCD_SAVE);
168 STATE1 = vaddq_u32(STATE1, EFGH_SAVE);
169
170 input32 += 64 / 4;
171 blocks--;
172 }
173
174 // Save state
175 vst1q_u32(&digest[0], STATE0);
176 vst1q_u32(&digest[4], STATE1);
177}

Referenced by compress_digest().

◆ compress_digest_x86()

void Botan::SHA_256::compress_digest_x86 ( digest_type & digest,
std::span< const uint8_t > input,
size_t blocks )
static

Definition at line 16 of file sha2_32_x86.cpp.

16 {
17 alignas(64) static const uint32_t K[] = {
18 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
19 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
20 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
21 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
22 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
23 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
24 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
25 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
26 };
27
28 const __m128i* K_mm = reinterpret_cast<const __m128i*>(K);
29
30 uint32_t* state = &digest[0];
31
32 const __m128i* input_mm = reinterpret_cast<const __m128i*>(input.data());
33 const __m128i MASK = _mm_set_epi64x(0x0c0d0e0f08090a0b, 0x0405060700010203);
34
35 // Load initial values
36 __m128i STATE0 = _mm_loadu_si128(reinterpret_cast<__m128i*>(&state[0]));
37 __m128i STATE1 = _mm_loadu_si128(reinterpret_cast<__m128i*>(&state[4]));
38
39 STATE0 = _mm_shuffle_epi32(STATE0, 0xB1); // CDAB
40 STATE1 = _mm_shuffle_epi32(STATE1, 0x1B); // EFGH
41
42 __m128i TMP = _mm_alignr_epi8(STATE0, STATE1, 8); // ABEF
43 STATE1 = _mm_blend_epi16(STATE1, STATE0, 0xF0); // CDGH
44 STATE0 = TMP;
45
46 while(blocks > 0) {
47 // Save current state
48 const __m128i ABEF_SAVE = STATE0;
49 const __m128i CDGH_SAVE = STATE1;
50
51 __m128i MSG;
52
53 __m128i TMSG0 = _mm_shuffle_epi8(_mm_loadu_si128(input_mm), MASK);
54 __m128i TMSG1 = _mm_shuffle_epi8(_mm_loadu_si128(input_mm + 1), MASK);
55 __m128i TMSG2 = _mm_shuffle_epi8(_mm_loadu_si128(input_mm + 2), MASK);
56 __m128i TMSG3 = _mm_shuffle_epi8(_mm_loadu_si128(input_mm + 3), MASK);
57
58 // Rounds 0-3
59 MSG = _mm_add_epi32(TMSG0, _mm_load_si128(K_mm));
60 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
61 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
62
63 // Rounds 4-7
64 MSG = _mm_add_epi32(TMSG1, _mm_load_si128(K_mm + 1));
65 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
66 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
67
68 TMSG0 = _mm_sha256msg1_epu32(TMSG0, TMSG1);
69
70 // Rounds 8-11
71 MSG = _mm_add_epi32(TMSG2, _mm_load_si128(K_mm + 2));
72 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
73 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
74
75 TMSG1 = _mm_sha256msg1_epu32(TMSG1, TMSG2);
76
77 // Rounds 12-15
78 MSG = _mm_add_epi32(TMSG3, _mm_load_si128(K_mm + 3));
79 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
80 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
81
82 TMSG0 = _mm_add_epi32(TMSG0, _mm_alignr_epi8(TMSG3, TMSG2, 4));
83 TMSG0 = _mm_sha256msg2_epu32(TMSG0, TMSG3);
84 TMSG2 = _mm_sha256msg1_epu32(TMSG2, TMSG3);
85
86 // Rounds 16-19
87 MSG = _mm_add_epi32(TMSG0, _mm_load_si128(K_mm + 4));
88 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
89 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
90
91 TMSG1 = _mm_add_epi32(TMSG1, _mm_alignr_epi8(TMSG0, TMSG3, 4));
92 TMSG1 = _mm_sha256msg2_epu32(TMSG1, TMSG0);
93 TMSG3 = _mm_sha256msg1_epu32(TMSG3, TMSG0);
94
95 // Rounds 20-23
96 MSG = _mm_add_epi32(TMSG1, _mm_load_si128(K_mm + 5));
97 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
98 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
99
100 TMSG2 = _mm_add_epi32(TMSG2, _mm_alignr_epi8(TMSG1, TMSG0, 4));
101 TMSG2 = _mm_sha256msg2_epu32(TMSG2, TMSG1);
102 TMSG0 = _mm_sha256msg1_epu32(TMSG0, TMSG1);
103
104 // Rounds 24-27
105 MSG = _mm_add_epi32(TMSG2, _mm_load_si128(K_mm + 6));
106 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
107 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
108
109 TMSG3 = _mm_add_epi32(TMSG3, _mm_alignr_epi8(TMSG2, TMSG1, 4));
110 TMSG3 = _mm_sha256msg2_epu32(TMSG3, TMSG2);
111 TMSG1 = _mm_sha256msg1_epu32(TMSG1, TMSG2);
112
113 // Rounds 28-31
114 MSG = _mm_add_epi32(TMSG3, _mm_load_si128(K_mm + 7));
115 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
116 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
117
118 TMSG0 = _mm_add_epi32(TMSG0, _mm_alignr_epi8(TMSG3, TMSG2, 4));
119 TMSG0 = _mm_sha256msg2_epu32(TMSG0, TMSG3);
120 TMSG2 = _mm_sha256msg1_epu32(TMSG2, TMSG3);
121
122 // Rounds 32-35
123 MSG = _mm_add_epi32(TMSG0, _mm_load_si128(K_mm + 8));
124 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
125 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
126
127 TMSG1 = _mm_add_epi32(TMSG1, _mm_alignr_epi8(TMSG0, TMSG3, 4));
128 TMSG1 = _mm_sha256msg2_epu32(TMSG1, TMSG0);
129 TMSG3 = _mm_sha256msg1_epu32(TMSG3, TMSG0);
130
131 // Rounds 36-39
132 MSG = _mm_add_epi32(TMSG1, _mm_load_si128(K_mm + 9));
133 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
134 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
135
136 TMSG2 = _mm_add_epi32(TMSG2, _mm_alignr_epi8(TMSG1, TMSG0, 4));
137 TMSG2 = _mm_sha256msg2_epu32(TMSG2, TMSG1);
138 TMSG0 = _mm_sha256msg1_epu32(TMSG0, TMSG1);
139
140 // Rounds 40-43
141 MSG = _mm_add_epi32(TMSG2, _mm_load_si128(K_mm + 10));
142 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
143 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
144
145 TMSG3 = _mm_add_epi32(TMSG3, _mm_alignr_epi8(TMSG2, TMSG1, 4));
146 TMSG3 = _mm_sha256msg2_epu32(TMSG3, TMSG2);
147 TMSG1 = _mm_sha256msg1_epu32(TMSG1, TMSG2);
148
149 // Rounds 44-47
150 MSG = _mm_add_epi32(TMSG3, _mm_load_si128(K_mm + 11));
151 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
152 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
153
154 TMSG0 = _mm_add_epi32(TMSG0, _mm_alignr_epi8(TMSG3, TMSG2, 4));
155 TMSG0 = _mm_sha256msg2_epu32(TMSG0, TMSG3);
156 TMSG2 = _mm_sha256msg1_epu32(TMSG2, TMSG3);
157
158 // Rounds 48-51
159 MSG = _mm_add_epi32(TMSG0, _mm_load_si128(K_mm + 12));
160 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
161 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
162
163 TMSG1 = _mm_add_epi32(TMSG1, _mm_alignr_epi8(TMSG0, TMSG3, 4));
164 TMSG1 = _mm_sha256msg2_epu32(TMSG1, TMSG0);
165 TMSG3 = _mm_sha256msg1_epu32(TMSG3, TMSG0);
166
167 // Rounds 52-55
168 MSG = _mm_add_epi32(TMSG1, _mm_load_si128(K_mm + 13));
169 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
170 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
171
172 TMSG2 = _mm_add_epi32(TMSG2, _mm_alignr_epi8(TMSG1, TMSG0, 4));
173 TMSG2 = _mm_sha256msg2_epu32(TMSG2, TMSG1);
174
175 // Rounds 56-59
176 MSG = _mm_add_epi32(TMSG2, _mm_load_si128(K_mm + 14));
177 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
178 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
179
180 TMSG3 = _mm_add_epi32(TMSG3, _mm_alignr_epi8(TMSG2, TMSG1, 4));
181 TMSG3 = _mm_sha256msg2_epu32(TMSG3, TMSG2);
182
183 // Rounds 60-63
184 MSG = _mm_add_epi32(TMSG3, _mm_load_si128(K_mm + 15));
185 STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);
186 STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, _mm_shuffle_epi32(MSG, 0x0E));
187
188 // Add values back to state
189 STATE0 = _mm_add_epi32(STATE0, ABEF_SAVE);
190 STATE1 = _mm_add_epi32(STATE1, CDGH_SAVE);
191
192 input_mm += 4;
193 blocks--;
194 }
195
196 STATE0 = _mm_shuffle_epi32(STATE0, 0x1B); // FEBA
197 STATE1 = _mm_shuffle_epi32(STATE1, 0xB1); // DCHG
198
199 // Save state
200 _mm_storeu_si128(reinterpret_cast<__m128i*>(&state[0]), _mm_blend_epi16(STATE0, STATE1, 0xF0)); // DCBA
201 _mm_storeu_si128(reinterpret_cast<__m128i*>(&state[4]), _mm_alignr_epi8(STATE1, STATE0, 8)); // ABEF
202}

Referenced by compress_digest().

◆ compress_digest_x86_bmi2()

void Botan::SHA_256::compress_digest_x86_bmi2 ( digest_type & digest,
std::span< const uint8_t > input,
size_t blocks )
static

Definition at line 24 of file sha2_32_bmi2.cpp.

24 {
25 uint32_t A = digest[0], B = digest[1], C = digest[2], D = digest[3], E = digest[4], F = digest[5], G = digest[6],
26 H = digest[7];
27
28 std::array<uint32_t, 16> W;
29
30 BufferSlicer in(input);
31
32 for(size_t i = 0; i != blocks; ++i) {
33 load_be(W, in.take<block_bytes>());
34
35 // clang-format off
36
37 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98);
38 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x71374491);
39 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCF);
40 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA5);
41 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25B);
42 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1);
43 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4);
44 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5);
45 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98);
46 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B01);
47 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE);
48 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3);
49 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74);
50 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE);
51 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A7);
52 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174);
53
54 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C1);
55 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786);
56 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC6);
57 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC);
58 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F);
59 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA);
60 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DC);
61 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA);
62 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152);
63 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D);
64 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C8);
65 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7);
66 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF3);
67 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147);
68 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351);
69 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x14292967);
70
71 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A85);
72 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B2138);
73 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC);
74 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D13);
75 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A7354);
76 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB);
77 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E);
78 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C85);
79 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A1);
80 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664B);
81 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70);
82 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A3);
83 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819);
84 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD6990624);
85 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E3585);
86 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA070);
87
88 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116);
89 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C08);
90 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774C);
91 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5);
92 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3);
93 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4A);
94 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F);
95 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3);
96 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE);
97 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F);
98 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814);
99 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC70208);
100 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA);
101 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEB);
102 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7);
103 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2);
104
105 // clang-format on
106
107 A = (digest[0] += A);
108 B = (digest[1] += B);
109 C = (digest[2] += C);
110 D = (digest[3] += D);
111 E = (digest[4] += E);
112 F = (digest[5] += F);
113 G = (digest[6] += G);
114 H = (digest[7] += H);
115 }
116}

References block_bytes, Botan::load_be(), Botan::SHA2_32_F(), and Botan::BufferSlicer::take().

Referenced by compress_digest().

◆ compress_n()

void Botan::SHA_256::compress_n ( digest_type & digest,
std::span< const uint8_t > input,
size_t blocks )
static

Definition at line 193 of file sha2_32.cpp.

193 {
194 SHA_256::compress_digest(digest, input, blocks);
195}
static void compress_digest(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:49

References compress_digest().

◆ copy_state()

std::unique_ptr< HashFunction > Botan::SHA_256::copy_state ( ) const
overridevirtual

Return a new hash object with the same state as *this. This allows computing the hash of several messages with a common prefix more efficiently than would otherwise be possible.

This function should be called clone but that was already used for the case of returning an uninitialized object.

Returns
new hash object

Implements Botan::HashFunction.

Definition at line 205 of file sha2_32.cpp.

205 {
206 return std::make_unique<SHA_256>(*this);
207}

◆ create()

std::unique_ptr< HashFunction > Botan::HashFunction::create ( std::string_view algo_spec,
std::string_view provider = "" )
staticinherited

Create an instance based on a name, or return null if the algo/provider combination cannot be found. If provider is empty then best available is chosen.

Definition at line 107 of file hash.cpp.

107 {
108#if defined(BOTAN_HAS_COMMONCRYPTO)
109 if(provider.empty() || provider == "commoncrypto") {
110 if(auto hash = make_commoncrypto_hash(algo_spec))
111 return hash;
112
113 if(!provider.empty())
114 return nullptr;
115 }
116#endif
117
118 if(provider.empty() == false && provider != "base") {
119 return nullptr; // unknown provider
120 }
121
122#if defined(BOTAN_HAS_SHA1)
123 if(algo_spec == "SHA-1") {
124 return std::make_unique<SHA_1>();
125 }
126#endif
127
128#if defined(BOTAN_HAS_SHA2_32)
129 if(algo_spec == "SHA-224") {
130 return std::make_unique<SHA_224>();
131 }
132
133 if(algo_spec == "SHA-256") {
134 return std::make_unique<SHA_256>();
135 }
136#endif
137
138#if defined(BOTAN_HAS_SHA2_64)
139 if(algo_spec == "SHA-384") {
140 return std::make_unique<SHA_384>();
141 }
142
143 if(algo_spec == "SHA-512") {
144 return std::make_unique<SHA_512>();
145 }
146
147 if(algo_spec == "SHA-512-256") {
148 return std::make_unique<SHA_512_256>();
149 }
150#endif
151
152#if defined(BOTAN_HAS_RIPEMD_160)
153 if(algo_spec == "RIPEMD-160") {
154 return std::make_unique<RIPEMD_160>();
155 }
156#endif
157
158#if defined(BOTAN_HAS_WHIRLPOOL)
159 if(algo_spec == "Whirlpool") {
160 return std::make_unique<Whirlpool>();
161 }
162#endif
163
164#if defined(BOTAN_HAS_MD5)
165 if(algo_spec == "MD5") {
166 return std::make_unique<MD5>();
167 }
168#endif
169
170#if defined(BOTAN_HAS_MD4)
171 if(algo_spec == "MD4") {
172 return std::make_unique<MD4>();
173 }
174#endif
175
176#if defined(BOTAN_HAS_GOST_34_11)
177 if(algo_spec == "GOST-R-34.11-94" || algo_spec == "GOST-34.11") {
178 return std::make_unique<GOST_34_11>();
179 }
180#endif
181
182#if defined(BOTAN_HAS_ADLER32)
183 if(algo_spec == "Adler32") {
184 return std::make_unique<Adler32>();
185 }
186#endif
187
188#if defined(BOTAN_HAS_CRC24)
189 if(algo_spec == "CRC24") {
190 return std::make_unique<CRC24>();
191 }
192#endif
193
194#if defined(BOTAN_HAS_CRC32)
195 if(algo_spec == "CRC32") {
196 return std::make_unique<CRC32>();
197 }
198#endif
199
200#if defined(BOTAN_HAS_STREEBOG)
201 if(algo_spec == "Streebog-256") {
202 return std::make_unique<Streebog>(256);
203 }
204 if(algo_spec == "Streebog-512") {
205 return std::make_unique<Streebog>(512);
206 }
207#endif
208
209#if defined(BOTAN_HAS_SM3)
210 if(algo_spec == "SM3") {
211 return std::make_unique<SM3>();
212 }
213#endif
214
215 const SCAN_Name req(algo_spec);
216
217#if defined(BOTAN_HAS_SKEIN_512)
218 if(req.algo_name() == "Skein-512") {
219 return std::make_unique<Skein_512>(req.arg_as_integer(0, 512), req.arg(1, ""));
220 }
221#endif
222
223#if defined(BOTAN_HAS_BLAKE2B)
224 if(req.algo_name() == "Blake2b" || req.algo_name() == "BLAKE2b") {
225 return std::make_unique<BLAKE2b>(req.arg_as_integer(0, 512));
226 }
227#endif
228
229#if defined(BOTAN_HAS_BLAKE2S)
230 if(req.algo_name() == "Blake2s" || req.algo_name() == "BLAKE2s") {
231 return std::make_unique<BLAKE2s>(req.arg_as_integer(0, 256));
232 }
233#endif
234
235#if defined(BOTAN_HAS_KECCAK)
236 if(req.algo_name() == "Keccak-1600") {
237 return std::make_unique<Keccak_1600>(req.arg_as_integer(0, 512));
238 }
239#endif
240
241#if defined(BOTAN_HAS_SHA3)
242 if(req.algo_name() == "SHA-3") {
243 return std::make_unique<SHA_3>(req.arg_as_integer(0, 512));
244 }
245#endif
246
247#if defined(BOTAN_HAS_SHAKE)
248 if(req.algo_name() == "SHAKE-128" && req.arg_count() == 1) {
249 return std::make_unique<SHAKE_128>(req.arg_as_integer(0));
250 }
251 if(req.algo_name() == "SHAKE-256" && req.arg_count() == 1) {
252 return std::make_unique<SHAKE_256>(req.arg_as_integer(0));
253 }
254#endif
255
256#if defined(BOTAN_HAS_PARALLEL_HASH)
257 if(req.algo_name() == "Parallel") {
258 std::vector<std::unique_ptr<HashFunction>> hashes;
259
260 for(size_t i = 0; i != req.arg_count(); ++i) {
261 auto h = HashFunction::create(req.arg(i));
262 if(!h) {
263 return nullptr;
264 }
265 hashes.push_back(std::move(h));
266 }
267
268 return std::make_unique<Parallel>(hashes);
269 }
270#endif
271
272#if defined(BOTAN_HAS_TRUNCATED_HASH)
273 if(req.algo_name() == "Truncated" && req.arg_count() == 2) {
274 auto hash = HashFunction::create(req.arg(0));
275 if(!hash) {
276 return nullptr;
277 }
278
279 return std::make_unique<Truncated_Hash>(std::move(hash), req.arg_as_integer(1));
280 }
281#endif
282
283#if defined(BOTAN_HAS_COMB4P)
284 if(req.algo_name() == "Comb4P" && req.arg_count() == 2) {
285 auto h1 = HashFunction::create(req.arg(0));
286 auto h2 = HashFunction::create(req.arg(1));
287
288 if(h1 && h2) {
289 return std::make_unique<Comb4P>(std::move(h1), std::move(h2));
290 }
291 }
292#endif
293
294 return nullptr;
295}
virtual std::string provider() const
Definition hash.h:49
static std::unique_ptr< HashFunction > create(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:107
std::unique_ptr< HashFunction > make_commoncrypto_hash(std::string_view name)

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::HashFunction::create(), Botan::make_commoncrypto_hash(), and Botan::HashFunction::provider().

Referenced by botan_hash_init(), Botan::BlockCipher::create(), Botan::EME::create(), Botan::EMSA::create(), Botan::HashFunction::create(), Botan::KDF::create(), Botan::MessageAuthenticationCode::create(), Botan::PasswordHashFamily::create(), Botan::PBKDF::create(), Botan::HashFunction::create_or_throw(), Botan::Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(), Botan::Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256(), and Botan::X942_PRF::kdf().

◆ create_or_throw()

◆ final() [1/4]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::Buffered_Computation::final ( )
inlineinherited

Complete the computation and retrieve the final result as a container of your choice.

Returns
a contiguous container holding the result

Definition at line 78 of file buf_comp.h.

78 {
79 T output(output_length());
80 final_result(output);
81 return output;
82 }
virtual size_t output_length() const =0
FE_25519 T
Definition ge.cpp:34

References T.

◆ final() [2/4]

void Botan::Buffered_Computation::final ( std::span< uint8_t > out)
inlineinherited

Definition at line 86 of file buf_comp.h.

86 {
87 BOTAN_ARG_CHECK(out.size() >= output_length(), "provided output buffer has insufficient capacity");
88 final_result(out);
89 }
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29

References BOTAN_ARG_CHECK.

◆ final() [3/4]

template<concepts::resizable_byte_buffer T>
void Botan::Buffered_Computation::final ( T & out)
inlineinherited

Definition at line 92 of file buf_comp.h.

92 {
93 out.resize(output_length());
94 final_result(out);
95 }

◆ final() [4/4]

void Botan::Buffered_Computation::final ( uint8_t out[])
inlineinherited

◆ final_stdvec()

std::vector< uint8_t > Botan::Buffered_Computation::final_stdvec ( )
inlineinherited

Definition at line 84 of file buf_comp.h.

References final.

◆ hash_block_size()

size_t Botan::SHA_256::hash_block_size ( ) const
inlineoverridevirtual
Returns
hash block size as defined for this algorithm

Reimplemented from Botan::HashFunction.

Definition at line 77 of file sha2_32.h.

77{ return block_bytes; }

References block_bytes.

◆ init()

void Botan::SHA_256::init ( digest_type & digest)
static

Definition at line 197 of file sha2_32.cpp.

197 {
198 digest.assign({0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19});
199}

◆ name()

std::string Botan::SHA_256::name ( ) const
inlineoverridevirtual
Returns
the hash function name

Implements Botan::HashFunction.

Definition at line 73 of file sha2_32.h.

73{ return "SHA-256"; }

◆ new_object()

std::unique_ptr< HashFunction > Botan::SHA_256::new_object ( ) const
overridevirtual
Returns
new object representing the same algorithm as *this

Implements Botan::HashFunction.

Definition at line 201 of file sha2_32.cpp.

201 {
202 return std::make_unique<SHA_256>();
203}

◆ output_length()

size_t Botan::SHA_256::output_length ( ) const
inlineoverridevirtual
Returns
length of the output of this function in bytes

Implements Botan::Buffered_Computation.

Definition at line 75 of file sha2_32.h.

75{ return output_bytes; }
static constexpr size_t output_bytes
Definition sha2_32.h:66

References output_bytes.

◆ process() [1/3]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::Buffered_Computation::process ( const uint8_t in[],
size_t length )
inlineinherited

Update and finalize computation. Does the same as calling update() and final() consecutively.

Parameters
inthe input to process as a byte array
lengththe length of the byte array
Returns
the result of the call to final()

Definition at line 105 of file buf_comp.h.

105 {
106 update(in, length);
107 return final<T>();
108 }
int(* update)(CTX *, const void *, CC_LONG len)

References final, and update.

Referenced by Botan::Kyber_Symmetric_Primitives::H(), Botan::Kyber_Symmetric_Primitives::H(), and Botan::Kyber_Symmetric_Primitives::H().

◆ process() [2/3]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::Buffered_Computation::process ( std::span< const uint8_t > in)
inlineinherited

Update and finalize computation. Does the same as calling update() and final() consecutively.

Parameters
inthe input to process as a contiguous container
Returns
the result of the call to final()

Definition at line 129 of file buf_comp.h.

129 {
130 update(in);
131 return final<T>();
132 }

References final, and update.

◆ process() [3/3]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::Buffered_Computation::process ( std::string_view in)
inlineinherited

Update and finalize computation. Does the same as calling update() and final() consecutively.

Parameters
inthe input to process as a string
Returns
the result of the call to final()

Definition at line 117 of file buf_comp.h.

117 {
118 update(in);
119 return final<T>();
120 }

References final, and update.

◆ provider()

std::string Botan::SHA_256::provider ( ) const
overridevirtual
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented from Botan::HashFunction.

Definition at line 189 of file sha2_32.cpp.

189 {
190 return sha256_provider();
191}

◆ providers()

std::vector< std::string > Botan::HashFunction::providers ( std::string_view algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available
Parameters
algo_specalgorithm name

Definition at line 305 of file hash.cpp.

305 {
306 return probe_providers_of<HashFunction>(algo_spec, {"base", "commoncrypto"});
307}
std::vector< std::string > probe_providers_of(std::string_view algo_spec, const std::vector< std::string > &possible={"base"})
Definition scan_name.h:105

References Botan::probe_providers_of().

◆ update() [1/4]

void Botan::Buffered_Computation::update ( const uint8_t in[],
size_t length )
inlineinherited

◆ update() [2/4]

void Botan::Buffered_Computation::update ( std::span< const uint8_t > in)
inlineinherited

Add new input to process.

Parameters
inthe input to process as a contiguous data range

Definition at line 41 of file buf_comp.h.

41{ add_data(in); }

◆ update() [3/4]

void Botan::Buffered_Computation::update ( std::string_view str)
inlineinherited

Add new input to process.

Parameters
strthe input to process as a std::string_view. Will be interpreted as a byte array based on the strings encoding.

Definition at line 56 of file buf_comp.h.

56{ add_data({cast_char_ptr_to_uint8(str.data()), str.size()}); }
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition mem_ops.h:273

References Botan::cast_char_ptr_to_uint8().

◆ update() [4/4]

void Botan::Buffered_Computation::update ( uint8_t in)
inlineinherited

Process a single byte.

Parameters
inthe byte to process

Definition at line 62 of file buf_comp.h.

62{ add_data({&in, 1}); }

◆ update_be() [1/3]

void Botan::Buffered_Computation::update_be ( uint16_t val)
inherited

Definition at line 13 of file buf_comp.cpp.

13 {
14 uint8_t inb[sizeof(val)];
15 store_be(val, inb);
16 add_data({inb, sizeof(inb)});
17}
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:773

References Botan::store_be().

Referenced by Botan::mgf1_mask(), and Botan::pbkdf2().

◆ update_be() [2/3]

void Botan::Buffered_Computation::update_be ( uint32_t val)
inherited

Definition at line 19 of file buf_comp.cpp.

19 {
20 uint8_t inb[sizeof(val)];
21 store_be(val, inb);
22 add_data({inb, sizeof(inb)});
23}

References Botan::store_be().

◆ update_be() [3/3]

void Botan::Buffered_Computation::update_be ( uint64_t val)
inherited

Definition at line 25 of file buf_comp.cpp.

25 {
26 uint8_t inb[sizeof(val)];
27 store_be(val, inb);
28 add_data({inb, sizeof(inb)});
29}

References Botan::store_be().

◆ update_le() [1/3]

void Botan::Buffered_Computation::update_le ( uint16_t val)
inherited

Definition at line 31 of file buf_comp.cpp.

31 {
32 uint8_t inb[sizeof(val)];
33 store_le(val, inb);
34 add_data({inb, sizeof(inb)});
35}
constexpr auto store_le(ParamTs &&... params)
Definition loadstor.h:764

References Botan::store_le().

◆ update_le() [2/3]

void Botan::Buffered_Computation::update_le ( uint32_t val)
inherited

Definition at line 37 of file buf_comp.cpp.

37 {
38 uint8_t inb[sizeof(val)];
39 store_le(val, inb);
40 add_data({inb, sizeof(inb)});
41}

References Botan::store_le().

◆ update_le() [3/3]

void Botan::Buffered_Computation::update_le ( uint64_t val)
inherited

Definition at line 43 of file buf_comp.cpp.

43 {
44 uint8_t inb[sizeof(val)];
45 store_le(val, inb);
46 add_data({inb, sizeof(inb)});
47}

References Botan::store_le().

Member Data Documentation

◆ bit_endianness

MD_Endian Botan::SHA_256::bit_endianness = MD_Endian::Big
staticconstexpr

Definition at line 64 of file sha2_32.h.

◆ block_bytes

size_t Botan::SHA_256::block_bytes = 64
staticconstexpr

Definition at line 65 of file sha2_32.h.

Referenced by compress_digest(), compress_digest_x86_bmi2(), and hash_block_size().

◆ byte_endianness

MD_Endian Botan::SHA_256::byte_endianness = MD_Endian::Big
staticconstexpr

Definition at line 63 of file sha2_32.h.

◆ ctr_bytes

size_t Botan::SHA_256::ctr_bytes = 8
staticconstexpr

Definition at line 67 of file sha2_32.h.

◆ output_bytes

size_t Botan::SHA_256::output_bytes = 32
staticconstexpr

Definition at line 66 of file sha2_32.h.

Referenced by output_length().


The documentation for this class was generated from the following files: